rgw_iam_add_crypt_attrs(s->env, s->info.crypt_attribute_map);
if (s->iam_policy || ! s->iam_user_policies.empty() || ! s->session_policies.empty()) {
- if (s->bucket->get_info().obj_lock_enabled() && bypass_governance_mode) {
- auto r = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
- rgw::IAM::s3BypassGovernanceRetention, ARN(s->bucket->get_key(), s->object->get_name()));
- if (r == Effect::Deny) {
- bypass_perm = false;
- } else if (r == Effect::Pass && s->iam_policy) {
- ARN arn(s->bucket->get_key(), s->object->get_name());
- r = s->iam_policy->eval(s->env, *s->auth.identity, rgw::IAM::s3BypassGovernanceRetention, arn);
- if (r == Effect::Deny) {
- bypass_perm = false;
- }
- } else if (r == Effect::Pass && !s->session_policies.empty()) {
- r = eval_identity_or_session_policies(this, s->session_policies, s->env,
- rgw::IAM::s3BypassGovernanceRetention, ARN(s->bucket->get_key(), s->object->get_name()));
- if (r == Effect::Deny) {
- bypass_perm = false;
- }
- } else if (r == Effect::Pass) {
- bypass_perm = false;
- }
- bypass_governance_mode &= bypass_perm;
- }
auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
rgw::IAM::s3PutObject,
s->object->get_obj());
std::unique_ptr<rgw::sal::Notification> res;
std::unique_ptr<rgw::sal::Object> meta_obj;
off_t ofs = 0;
- //object lock
- bool bypass_perm = true;
- bool bypass_governance_mode = false;
public:
RGWCompleteMultipart() {}
std::tie(op_ret, data) = read_all_input(s, max_size);
if (op_ret < 0)
return op_ret;
-
- const char *bypass_gov_header = s->info.env->get("HTTP_X_AMZ_BYPASS_GOVERNANCE_RETENTION");
- if (bypass_gov_header) {
- std::string bypass_gov_decoded = url_decode(bypass_gov_header);
- bypass_governance_mode = boost::algorithm::iequals(bypass_gov_decoded, "true");
- }
return 0;
}
projects / ceph.git / commitdiff